Vulnerability-Lookup

CNVD-2026-22784

Vulnerability from cnvd - Published: 2026-06-05

Title

TRENDnet TEW-821DAP数据伪造问题漏洞

Description

TRENDnet TEW-821DAP是美国趋势网络（TRENDnet）公司的一款无线接入点。 TRENDnet TEW-821DAP存在数据伪造问题漏洞。该漏洞源于固件更新处理组件中cameo_dev.sh文件的platform_do_upgrade_cameo_dev函数存在数据真实性验证不足，攻击者可利用该漏洞上传恶意固件。

Severity

低

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.trendnet.com/support/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2026-7611

Impacted products

Name
TRENDnet TEW-821DAP <=1.12B01

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-7611",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-7611"
    }
  },
  "description": "TRENDnet TEW-821DAP\u662f\u7f8e\u56fd\u8d8b\u52bf\u7f51\u7edc\uff08TRENDnet\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u63a5\u5165\u70b9\u3002\n\nTRENDnet TEW-821DAP\u5b58\u5728\u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u56fa\u4ef6\u66f4\u65b0\u5904\u7406\u7ec4\u4ef6\u4e2dcameo_dev.sh\u6587\u4ef6\u7684platform_do_upgrade_cameo_dev\u51fd\u6570\u5b58\u5728\u6570\u636e\u771f\u5b9e\u6027\u9a8c\u8bc1\u4e0d\u8db3\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u6076\u610f\u56fa\u4ef6\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.trendnet.com/support/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-22784",
  "openTime": "2026-06-05",
  "products": {
    "product": "TRENDnet TEW-821DAP \u003c=1.12B01"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2026-7611",
  "serverity": "\u4f4e",
  "submitTime": "2026-05-11",
  "title": "TRENDnet TEW-821DAP\u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2026-7611 (GCVE-0-2026-7611)

Vulnerability from cvelistv5 – Published: 2026-05-02 09:30 – Updated: 2026-05-04 17:51 Unsupported When Assigned

Title

TRENDnet TEW-821DAP Firmware Update cameo_dev.sh platform_do_upgrade_cameo_dev data authenticity

Summary

A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

Severity

6.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

3.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R

3.7 (Low)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-345 - Insufficient Verification of Data Authenticity

Assigner

VulDB

References

4 references

URL	Tags
https://vuldb.com/vuln/360568	vdb-entrytechnical-description
https://vuldb.com/vuln/360568/cti	signaturepermissions-required
https://vuldb.com/submit/806218	third-party-advisory
https://github.com/IOTRes/IOT_Firmware_Update/blo…	patch

Impacted products

1 product

Vendor	Product	Version
TRENDnet	TEW-821DAP	Affected: 1.12B01 cpe:2.3:o:trendnet:tew-821dap_firmware::::::::

Credits

IOT_Res (VulDB User) VulDB CNA Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-7611",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-04T16:14:15.439816Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-04T17:51:38.567Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:trendnet:tew-821dap_firmware:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Firmware Update Handler"
          ],
          "product": "TEW-821DAP",
          "vendor": "TRENDnet",
          "versions": [
            {
              "status": "affected",
              "version": "1.12B01"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "IOT_Res (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platform_do_upgrade_cameo_dev of the file cameo_dev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The vendor explains: \"That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling\". This vulnerability only affects products that are no longer supported by the maintainer."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:ND/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "Insufficient Verification of Data Authenticity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-02T09:30:12.219Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-360568 | TRENDnet TEW-821DAP Firmware Update cameo_dev.sh platform_do_upgrade_cameo_dev data authenticity",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/360568"
        },
        {
          "name": "VDB-360568 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/360568/cti"
        },
        {
          "name": "Submit #806218 | Trendnet TEW-821DAP v1.12B01  CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/806218"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_Inte.md"
        }
      ],
      "tags": [
        "unsupported-when-assigned"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-01T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-05-01T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-05-01T14:13:06.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "TRENDnet TEW-821DAP Firmware Update cameo_dev.sh platform_do_upgrade_cameo_dev data authenticity"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-7611",
    "datePublished": "2026-05-02T09:30:12.219Z",
    "dateReserved": "2026-05-01T12:07:42.405Z",
    "dateUpdated": "2026-05-04T17:51:38.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-22784

CVE-2026-7611 (GCVE-0-2026-7611)

Tags

Sightings

Nomenclature